Skip to main content

Alpha This is a new service. Help us improve it and give your feedback.

About

The UK Health Security Agency (UKHSA) organisational standards repository is a collection of guidelines, best practices, and tools that define how we do engineering at UKHSA. It serves as a reference for our teams and partners to ensure consistency, reliability, and security across all engineering disciplines.

Scope and audience

These standards apply to all engineering teams involved in building and operating software at UKHSA. They cover the full software delivery lifecycle, from planning and design through to deployment, monitoring and decommissioning.

The guidance is intended to support teams in meeting the expectations of architecture, security and governance functions by embedding good practice into day-to-day delivery.

Intended audience:

  • Software engineers and developers
  • Engineering leads and delivery teams
  • People involved in designing, building or operating software systems

How to read the guidelines

The CAPITALISED words throughout these guidelines have a special meaning:

The following key words are used throughout this guidance to indicate the strength of each requirement. These are adapted from RFC2119 and contextualised for UKHSA:

  1. MUST  This word, or the terms “REQUIRED” or “SHALL”, mean that the requirement is mandatory. It applies universally and must be followed without exception unless formally approved.

  2. MUST NOT  This phrase, or the phrase “SHALL NOT”, mean that this action is explicitly prohibited. It must not be taken under any circumstances unless an approved exception is in place.

  3. SHOULD  This word, or the adjective “RECOMMENDED”, mean that this is a strong recommendation. There may be valid reasons to deviate, but the implications must be understood, justified and documented.

  4. SHOULD NOT  This phrase, or the phrase “NOT RECOMMENDED”, mean that this is a strong recommendation against a practice. Exceptions may exist, but they must be carefully considered, justified and documented.

  5. MAY  This word, or the adjective “OPTIONAL”, mean that this is an optional practice or recommendation. Teams may choose to adopt it based on context, value or preference.

Published: 23 July 2025
Last updated: 13 October 2025
Page Source